<?php
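// Password reset by SMS verification code.
// Flow: read the POST fields, validate the phone number, look up the account,
// validate the code format and the new password, verify the SMS code, then
// store the new password hash.
// _POST(), mobile_filter(), sms_verify() and abort() are defined outside this
// file; abort() is assumed to end the request — TODO confirm.
$mobile = _POST('mobile', '');
$smscode = _POST('smscode', '');
$password = _POST('password', '');
$repassword = _POST('repassword', '');

if (!mobile_filter($mobile))
{
    abort('手机号码无效!');
}

// Fix: the original interpolated the undefined $mobile_phone, so the lookup
// always ran with an empty phone number. Use the validated $mobile instead.
// The value is request input, so it is escaped before being placed in the SQL
// string rather than relying only on mobile_filter(), which is not visible here.
// NOTE(review): addslashes() is not charset-aware; prefer the database layer's
// own escaping or bound parameters if it offers them.
// NOTE(review): this answer is given before the SMS code is checked, so the
// endpoint tells an unauthenticated caller whether a number is registered.
// Consider a uniform failure message, or doing the lookup after sms_verify().
($user = $GLOBALS['db']->getRow(
    'SELECT user_id,salt FROM ' . $GLOBALS['ecs']->table('users')
    . " WHERE mobile_phone='" . addslashes($mobile) . "'"
)) || abort('该手机号码未注册过!');

// Format check only; the code itself is verified by sms_verify() below.
if (!preg_match('/^[0-9a-zA-Z]{4,32}$/', $smscode))
{
    abort('短信验证码无效!');
}

// strlen() counts bytes, so the limits below are byte lengths.
$password_len = strlen($password);

// Fix: the message used to claim an upper limit of 32 while the check enforces 20.
// The enforced limit is kept and the message now matches it.
if ($password_len < 6 || $password_len > 20)
{
    abort('密码为6到20位字符!');
}

if ($password !== $repassword)
{
    abort('两次输入密码不一致!');
}

// The SMS code is the only proof of ownership in this flow.
// NOTE(review): nothing in this file limits verification attempts or shows the
// code being invalidated after use; confirm sms_verify() enforces both.
// NOTE(review): abort(7) passes a bare number where every other call passes a
// message; confirm abort() maps it to a user-facing text.
try {
    sms_verify($mobile, $smscode) || abort(7);
} catch (Exception $e) {
    abort($e->getMessage());
}

// NOTE(review): a single salted MD5 is far too fast for password storage.
// Moving to password_hash()/password_verify() needs a matching change in the
// login path (not visible here), so the stored format is left unchanged.
$password = md5($password.$user['salt']);

// Fix: the hash was written into the statement unquoted, which is not a valid
// string value in SQL. md5() returns 32 hex characters, so quoting alone is
// safe. user_id comes from the database row and is cast to int as defence in depth.
$sql = 'UPDATE ' . $GLOBALS['ecs']->table('users')
    . " SET password='{$password}' WHERE user_id=" . (int) $user['user_id'];
$GLOBALS['db']->query($sql) || abort('重置密码失败!');

// An empty array is returned to the including script on success.
return [];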